Passwords Policy
Min Length - 12 characters
Password age = 365 days for regular users
Password age = 90 days for all tech group accounts because of increased privilege's (accounts with yubikey are exempted).
Complexity:
Does not contain the user's account name or parts of the user's full name that exceed two consecutive characters
Must contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Do's:
- At least 12 characters. Longer passwords are stronger passwords. Passwords should be at least 12 characters, with a mixture of UPPER CASE, lower case, numb3rs, and spec!@l characters.
- Different passwords for different accounts. Each online account should have its own unique password.
Don't:
- Reuse passwords used on your other accounts.
- Well-known phrases. RollTide, GoBama and NationalChamps2009 are all great things, but they make for terrible passwords.
- Openly accessible information. Do not use common or well known things about you that could be easily guessed by a malicious actor. If your birthday, anniversary or pet's name can be found on your social media accounts, they should not serve as your password.
- Commonly used passwords. P@$$w0rd is not a good password. Get creative with your passwords! LastPass can help create unique, long passwords
- Non-secure storage. A post-it note under your keyboard is not a safe keeping place for your passwords.
- Share your passwords with other people.
Suggestions:
- A quirky combination. Make your passwords a riddle that makes sense to you. Here's an example -m1D!tvBd!tWwW This may look like a jumbled mess, but to the owner, it means "my first dog is the very best dog in the whole wide world."
- Use a sentence: The big h0rse jumped over the little g0at!
- Use LastPass. UA students, faculty and staff have access to LastPass password manager. LastPass keeps track of all of your passwords, and it keeps personal and University passwords separate.